terraform-provider-pass

New resource to initialise password store

Open landro opened this issue 5 years ago • 1 comments

It would be great to have some kind of resource for initialising password stores, which currently has to be handled outside of terraform:

    pass init [--path=subfolder,-p subfolder] gpg-id...
        Initialize new password storage and use gpg-id for encryption.
        Selectively reencrypt existing passwords using new gpg-id.

Something like this:

    resource "pass_password_store" "secret" {
      path    = "location of password store"
      gpg-ids = ["ID1", "ID2", "ID3"]   # recipients for the whole store

      # each subfolder gets its own recipient list
      subfolder {
        path    = "subfolder1"
        gpg-ids = ["ID1", "ID2"]
      }
      subfolder {
        path    = "subfolder2"
        gpg-ids = ["ID2", "ID3"]
      }
    }

Don't know how well this aligns with the current provider config, but not having to maintain password store access control outside of terraform is kinda painful.

landro, May 29 '19 12:05

And it would even make sense to have a data source that returns the current subfolder gpg-id lists for the individual folders.

landro, May 29 '19 12:05
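Until such a resource or data source exists, the per-folder recipient lists can be audited directly from the store. The script below is an added example, not code from the issue or from terraform-provider-pass: it relies on `pass` keeping recipients in `.gpg-id` files (one ID per line, with a folder falling back to the nearest parent's file), and the function names and the `team` and `shared` folders in the sample store are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which GPG IDs can decrypt each folder of a pass store.
# pass records recipients in .gpg-id files (one ID per line); a folder without
# its own file uses the nearest parent's.

# Print the recipients that apply to folder $2 (relative to store root $1).
effective_gpg_ids() {
    store=$1
    dir=$2
    while :; do
        if [ -f "$store/$dir/.gpg-id" ]; then
            # Join IDs on one line, skipping blank lines.
            grep -v '^[[:space:]]*$' "$store/$dir/.gpg-id" | paste -sd, -
            return 0
        fi
        case $dir in
            ''|.) return 1 ;;        # store root reached, no recipients set
            */*)  dir=${dir%/*} ;;   # step up one level
            *)    dir='' ;;
        esac
    done
}

# List every folder in the store with its effective recipients.
audit_store() {
    root=$1
    ( cd "$root" && find . -type d ! -path './.git' ! -path './.git/*' | sort ) |
    while IFS= read -r d; do
        d=${d#./}
        [ "$d" = . ] && d=''
        ids=$(effective_gpg_ids "$root" "$d") || ids=UNSET
        printf '%s\t%s\n' "${d:-/}" "$ids"
    done
}

# Constructed sample store using the layout and IDs proposed in the issue.
make_sample_store() {
    s=$(mktemp -d)
    mkdir -p "$s/subfolder1/team" "$s/subfolder2" "$s/shared"
    printf 'ID1\nID2\nID3\n' > "$s/.gpg-id"
    printf 'ID1\nID2\n' > "$s/subfolder1/.gpg-id"
    printf 'ID2\nID3\n' > "$s/subfolder2/.gpg-id"
    echo "$s"
}

sample=$(make_sample_store)
audit_store "$sample"
rm -rf "$sample"
```

Pointing `audit_store` at a real store directory and diffing the output against the intended access list shows folders that have silently inherited a wider recipient set than planned.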